Re: [registrars] EPP Informed Consent

["Ross Wm. Rader" <ross@tucows.com>]

> Unlike the .AU policy that does not provide for an emergency NAC, the
.ORG,
> .CN (and hopefully .US) policies keep in place the 5 day transfer window.
> Therefore, should an auth code be stolen, and fraudulently submitted and
> reconfirmed, the registrant would still have a 5 day emergency window to
let
> him/her know that a transfer is about to take place. This is something I
> think the .AU policy is missing.
>
> Actually, Ross if you read the proposed .US policy I have put in language
> which states that the access and modification of the Auth Code should be
no
> more difficult than changing DNS. I actually got this idea from the
> Transfer's Task Force Report. Speaking with Paul at Enom I believe they
> already have this feature integrated into their system rather easily.
>
> So I think the first two questions have been addressed.

These are all reasonable safe guards, but it has been my experience that in
situations where authorization was obtained through "less than appropriate"
means that it is not always possible to catch within the five days and
certainly not always resolvable within 5 days. Without a process in place to
"undo" a transfer (ie - revert it back to its original state) and a process
in place that will allow the undo function to be invoked appropriately (ie -
with all of the facts at hand), then we are very much left in the position
where we are today - that it is impossible to get a name back to the
rightful registrant unless a) the gaining registrar is particularly
benevolent or b) the losing registrar can afford to go to the courts to get
a name back on behalf of a registrant.

Your proposal might deal with this implicitly, but it didn't immediately
jump out at me, hence my comments. I've promised you a full read when I get
the chance, so perhaps this pre-analysis might be pre-mature :)

>
> With regard to being gTLD ready, it is going live with .CN and hopefully
> .US. It is already operational in .AU. The ground work has been laid in
the
> PIR .ORG contract. Hopefully if .CN and .US prove successful, PIR may be
> convinced to incorporate this change. If not I think it would be in the
> constituency's best interest to approach Afilias (.INFO), NeuStar (.BIZ)
and
> GNR (.NAME) to ask for a similar contract change.
>

Efficient and secure transfer processes most benefit registries from an
economic perspective. Their continued support in resolving this matter is
crucial.

> I believe both the Task Force Report and Principles allow for registries
to
> make policy improvements.

I'm not sure what you mean here. If you are saying that both the TF Report
as well as the Principles represent improved recommendations that the
Registries can implement, then I would agree. I'm not sure that either
provide Registries with the capability to arbitrarily determine "policy
improvements" however...

-rwr